Create a local management user or assign a domain user or AD group to a management role

You can create a local management user, and you can assign a management role to a local user, a domain user, or an AD group. Management users can perform system-level administration (VDC administration) and namespace administration. You can also remove the management role assignment.

Before you begin

  • This operation requires the System Administrator or Namespace Administrator role in ECS.
  • By default, the ECS root user is assigned the System Administrator role and can perform the initial assignment of a user to the System Administrator role.
  • To assign a domain user or an AD group to a management role, the domain users or AD group must have been added to ECS through an authentication provider. Adding an authentication provider must be performed by a System Administrator and is described in Add an AD or LDAP authentication provider.
  • To assign the Namespace Administrator role to a management user, you must create a management user using the following procedure and perform the role assignment on the Edit Namespace page in the ECS Portal (see Assign the Namespace Administrator role to a user or AD group). The user cannot log in until the Namespace Administrator role is assigned.

Procedure

  1. In the ECS Portal, select Manage > Users.
  2. On the User Management page, click the Management Users tab.
  3. Click New Management User.
  4. Click AD/LDAP User or AD Group or Local User.
    • For a domain user, in the Username field, type the name of the user. The username and password that ECS uses to authenticate a user are held in AD or LDAP, so you do not need to define a password.
    • For an AD group, in the Group Name field, type the name of the group. The username and password that ECS uses to authenticate the AD group are held in AD, so you do not need to define a password.
    • For a local user, in the Name field, type the name of the user and in the Password field, type the password for the user.
    User names can include uppercase letters, lowercase letters, numbers and any of the following characters: ! # $ & ' ( ) * + , - . / : ; = ? @ _ ~
  5. To assign the System Administrator role to the user or AD group, in the System Administrator box, click Yes.
    If you select Yes, but at a later date you want to remove System Administrator privileges from the user, you can edit this setting and select No.
  6. To assign the System Monitor role to the user or AD group, in the System Monitor box, click Yes.
  7. Click Save.